The need for 2FA security to defend against phishing attacks
“Security is, without a doubt, the most important thing we do at GitHub. Our entire job is to ensure the privacy and confidentiality of the code that our users entrust us with,” said Shawn Davenport, Vice President of Security at GitHub. The company, which hosts Universal Two Factor (U2F) open-source libraries as part of the GitHub repositories, adopted the U2F two-factor standard for its platform. The goal was to provide U2F keys to employees and thousands of developers worldwide.
GitHub’s volume of sensitive data demands proactive efforts to constantly improve security and access controls. In September 2013, GitHub introduced two-factor authentication (2FA) with SMS and TOTP in an effort to elevate GitHub’s security posture. One of the drawbacks was the low reliability and usability of these methods at that time. In addition, they did not protect against modern hacker techniques, such as phishing and man-in-the-middle attacks.